VDB
CVE-2025-20088
CVE-2025-20088
PUBLISHED
CVSS 6.5 MEDIUM
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
EPSS 0.45% · 63.9th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.45%
63.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mattermost | mattermost_server | 9.11.0, 10.0.0, 10.2.0 |
| Mattermost | Mattermost | 10.2.0, 9.11.0, 10.0.0 |
| github.com | mattermost/mattermost/server/v8 | 10.2.0, 10.1.0, 10.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-20088 (circl-sighting)
- CIRCL seen: CVE-2025-20088 (circl-sighting)
- https://mattermost.com/security-updates (circl)
Timeline
- Jan 15, 2025 CVE Published
- Jan 15, 2025 PoC Published
- Jan 15, 2025 PoC Published
- Jan 16, 2025 EPSS Score
- Jan 17, 2025 CVE Updated
- Jan 31, 2025 EPSS Score
- Feb 16, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Apr 2, 2025 Coalition ESS Score
- Apr 3, 2025 EPSS Score
- Apr 19, 2025 EPSS Score